Which of the following is MOST critical in protecting control systems that cannot be regularly
patched?
A.
Asset inventory
B.
Full disk encryption
C.
Vulnerability scanning
D.
Network segmentation
Get 50% Discount on All Your Purchases
at PrepAway.com - Latest Exam Questions
This is ONE TIME OFFER
50%
Shouldn’t this be D?
Patching a system fixes known vulnerabilities and bugs, and if a system cannot be patched it means there are known exploits that can be used against it. The best case in this scenario would be to separate it from the network to prevent an attacker from being able to connect to it without having physical access.
Full disk encryption would only protect the data at rest, so it would prevent data loss if someone attempted to steal the system. It would not stop an attacker from breaking into the system using known vulnerabilities however, especially over a network.
0
0
I agree with you the correct answer is D “Network segmentation”
0
0
If the question is asking “Which of the following is MOST critical in protecting DATA that cannot be regularly patched?”, then the answer could be “Full Disk Encryption”. However, the question points out “protecting control systems”, I agree the correct answer is “network segmentation”.
0
0
Network segmentation is accurate. Basically this is talking about SCADA systems and it is really difficult to do full disk encryption on a SCADA device–most are too old to understand encryption. Best you can do is separate the system from the outside world.
0
0